4 Replies Latest reply on Oct 3, 2010 12:27 PM by vinod.pandey

    Problems with SSL redirection on JBoss 5.1.0GA

    skidvd
    skidvd Jul 21, 2010 8:58 AM

      Hello,

       

      Sorry for the cross post, but thought that this may be a better place for this question.

       

      I'm using  JBoss [The Oracle] 5.1.0.GA.  In previous releases I have successfully configured SSL and and the associated port redirection without any problems.  However, in this environment, I am having unexpected problems.  Your help will be greatly appreciated....

       

       

      Here is what I have....

       

       

      from server.xml:


           <!-- A HTTP/1.1 Connector on port 7000 -->
            <Connector protocol="HTTP/1.1" port="7000" address="${jboss.bind.address}"
                     connectionTimeout="20000" redirectPort="7001" />

            <!-- Add this option to the connector to avoid problems with
                .NET clients that don't implement HTTP/1.1 correctly
               restrictedUserAgents="^.*MS Web Services Client Protocol 1.1.4322.*$"
            -->

            <!-- A AJP 1.3 Connector on port 8009 -->
            <Connector protocol="AJP/1.3" port="8009" address="${jboss.bind.address}"
               redirectPort="7001" />

       

            <!-- SSL/TLS Connector configuration using the admin devl guide keystore-->
            <Connector protocol="HTTP/1.1" SSLEnabled="true" enableLookups="true"
                 port="7001" address="${jboss.bind.address}"
                 scheme="https" secure="true" clientAuth="false"
                 keystoreFile="${jboss.home.dir}/certs/mysvr1.jks"
                 keystorePass="zzzzz" sslProtocol = "TLS"
                 truststoreFile="${jboss.home.dir}/certs/mysvr1Trust.jks"
                 truststorePass="zzzzz" />

       

      from my apps web.xml:

       

      from web.xml:

      <security-constraint>
              <web-resource-collection>
                  <web-resource-name>All restricted resources</web-resource-name>
                  <description>Protects all AppAdmin restricted resources</description>
                  <url-pattern>/pages/*</url-pattern>
                  <http-method>GET</http-method>
                  <http-method>POST</http-method>
              </web-resource-collection>
              <user-data-constraint>
               <transport-guarantee>CONFIDENTIAL</transport-guarantee>
              </user-data-constraint>
      </security-constraint>

       

      Symptoms:

       

      http://myserver:7000/Myapp/login.xhtml (when I hit this URL, it produces downloadable result - as expected - this is not within the data-constraint resource-collection)

      http://myserver:7000/Myapp/pages/index.jsf  (when I hit this URl, I expect to be redirected to SSL port (inside data-constraint); but do NOT get redirected - i.e., URL stays http and port 700 - and results in Cannot find server or DNS error)

      https://myserver:7001/Myapp/pages/index.jsf (works as expected - this shows that SSL appears to be configured and working properly)

       

      Why is the redirect from an non SSL URL to an SSL URL (when accessing a data-constratint resource) not happening?  Again, your help is greatly appreciated!

      • 15135 Views
      • Tags:
        • 1. Re: Problems with SSL redirection on JBoss 5.1.0GA
          jfclere
          jfclere Jul 21, 2010 9:42 AM (in response to skidvd)

          http://myserver:7000/Myapp/pages/index.jsf   (when I hit this URl, I expect to be redirected to SSL port (inside  data-constraint); but do NOT get redirected - i.e., URL stays http and  port 700 - and results in Cannot find server or DNS error)

          Well does the redirect... overwise you won't complain about can't  find and or DNS error.

          Try to see what is in the redirect message (use curl -v for example).

          1 of 1 people found this helpful
            • Actions
          • 2. Re: Problems with SSL redirection on JBoss 5.1.0GA
            skidvd
            skidvd Jul 21, 2010 2:23 PM (in response to jfclere)

            Good point.  I'll investigate the response.... Thanks Jean-Frederic!

              • Actions
            • 3. Re: Problems with SSL redirection on JBoss 5.1.0GA
              skidvd
              skidvd Jul 21, 2010 2:29 PM (in response to skidvd)

              Thanks to Jean-Frederic's observation, I was able to investigate the reponse returned from the original non-SSL request.  In fact, the redirection was happening.  However, the request was being requested to a port different from that configured in my server.xml.  Upon further examination, I determined that the SBM was 'overriding' the ports configured in server.xml.  After some changes in bindings--jboss-beans.xml to add fixedPort properties for the affected services, all works as desired.

                • Actions
              • 4. Re: Problems with SSL redirection on JBoss 5.1.0GA
                vinod.pandey
                vinod.pandey Oct 3, 2010 12:27 PM (in response to skidvd)

                Hi....

                 

                I have same problem not exctly but looks similar. First thing is that when I use constraints in web.xml, web service does not deploy successfully on JBoss Application server 5.1.0 (without any constraints web service works fine). Can you please suggest any solution for this problem and please also explains that what changes are required in bindings--jboss-beans.xml. I'll appritiate you help....

                 

                Thanks

                Vinod Pandey

                NHST, India

                  • Actions